Tuesday, August 14, 2018

ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN

ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
Muraleedharan N and Arun Parmar
Centre for Development of Advanced Computing (C-DAC) Electronics City, Bangalore, India

ABSTRACT

Attackers perform port scan to find reachability, liveness and running services in a system or network. Current day scanning tools provide different scanning options and capable of evading various security tools like firewall, IDS and IPS. So in order to detect and prevent attacks in the early stages, an accurate detection of scanning activity in real time is very much essential. In this paper we present a flow based protocol behaviour analysis system to detect TCP based slow and fast scan. This system provides scalable, accurate and generic solution to TCP based scanning by means of automatic behaviour analysis of the network traffic. Detection capability of proposed system is compared with SNORT and result proves the high detection rate of the system over SNORT.

KEYWORDS

Scan detection, Flow, IPFIX, Anomaly, Entropy

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

International Journal of Network Security & Its Applications (IJNSA) - ERA, WJCI Indexed

#crytography #protocols #datacenter #network #optimization #database #systemsecurity #spam #phishing #email #iot #internetsecurity #intrusio...